Initial commit

node_modules/helmet-csp/dist/index.d.ts

@@ -0,0 +1,5 @@
+/// <reference types="node" />
+import { IncomingMessage, ServerResponse } from 'http';
+import { CspOptions } from './lib/types';
+declare const _default: (options: CspOptions) => (req: IncomingMessage, res: ServerResponse, next: () => void) => void;
+export = _default;

node_modules/helmet-csp/dist/index.js

@@ -0,0 +1,75 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var camelize_1 = __importDefault(require("camelize"));
+var content_security_policy_builder_1 = __importDefault(require("content-security-policy-builder"));
+var bowser_1 = __importDefault(require("bowser"));
+var is_function_1 = __importDefault(require("./lib/is-function"));
+var check_options_1 = __importDefault(require("./lib/check-options"));
+var contains_function_1 = __importDefault(require("./lib/contains-function"));
+var get_header_keys_for_browser_1 = __importDefault(require("./lib/get-header-keys-for-browser"));
+var transform_directives_for_browser_1 = __importDefault(require("./lib/transform-directives-for-browser"));
+var parse_dynamic_directives_1 = __importDefault(require("./lib/parse-dynamic-directives"));
+var config_1 = __importDefault(require("./lib/config"));
+module.exports = function csp(options) {
+    check_options_1.default(options);
+    var originalDirectives = camelize_1.default(options.directives || {});
+    var directivesAreDynamic = contains_function_1.default(originalDirectives);
+    var shouldBrowserSniff = options.browserSniff !== false;
+    if (shouldBrowserSniff) {
+        return function csp(req, res, next) {
+            var userAgent = req.headers['user-agent'];
+            var browser;
+            if (userAgent) {
+                browser = bowser_1.default.getParser(userAgent);
+            }
+            else {
+                browser = undefined;
+            }
+            var headerKeys;
+            if (options.setAllHeaders || !userAgent) {
+                headerKeys = config_1.default.allHeaders;
+            }
+            else {
+                headerKeys = get_header_keys_for_browser_1.default(browser, options);
+            }
+            if (headerKeys.length === 0) {
+                next();
+                return;
+            }
+            var directives = transform_directives_for_browser_1.default(browser, originalDirectives);
+            if (directivesAreDynamic) {
+                directives = parse_dynamic_directives_1.default(directives, [req, res]);
+            }
+            var policyString = content_security_policy_builder_1.default({ directives: directives });
+            headerKeys.forEach(function (headerKey) {
+                if (is_function_1.default(options.reportOnly) && options.reportOnly(req, res) ||
+                    !is_function_1.default(options.reportOnly) && options.reportOnly) {
+                    headerKey += '-Report-Only';
+                }
+                res.setHeader(headerKey, policyString);
+            });
+            next();
+        };
+    }
+    else {
+        var headerKeys_1 = options.setAllHeaders ? config_1.default.allHeaders : ['Content-Security-Policy'];
+        return function csp(req, res, next) {
+            var directives = parse_dynamic_directives_1.default(originalDirectives, [req, res]);
+            var policyString = content_security_policy_builder_1.default({ directives: directives });
+            if (is_function_1.default(options.reportOnly) && options.reportOnly(req, res) ||
+                !is_function_1.default(options.reportOnly) && options.reportOnly) {
+                headerKeys_1.forEach(function (headerKey) {
+                    res.setHeader(headerKey + "-Report-Only", policyString);
+                });
+            }
+            else {
+                headerKeys_1.forEach(function (headerKey) {
+                    res.setHeader(headerKey, policyString);
+                });
+            }
+            next();
+        };
+    }
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/boolean.js

@@ -0,0 +1,10 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_boolean_1 = __importDefault(require("../../is-boolean"));
+module.exports = function (key, value) {
+    if (!is_boolean_1.default(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use `true` or `false`.");
+    }
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/index.js

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var boolean_1 = __importDefault(require("./boolean"));
+var plugin_types_1 = __importDefault(require("./plugin-types"));
+var report_uri_1 = __importDefault(require("./report-uri"));
+var require_sri_for_1 = __importDefault(require("./require-sri-for"));
+var sandbox_1 = __importDefault(require("./sandbox"));
+var source_list_1 = __importDefault(require("./source-list"));
+var checkers = {
+    boolean: boolean_1.default,
+    pluginTypes: plugin_types_1.default,
+    reportUri: report_uri_1.default,
+    requireSriFor: require_sri_for_1.default,
+    sandbox: sandbox_1.default,
+    sourceList: source_list_1.default,
+};
+module.exports = function checkDirective(key, value, options) {
+    if (options.loose) {
+        return;
+    }
+    if (!Object.prototype.hasOwnProperty.call(config_1.default.directives, key)) {
+        throw new Error("\"" + key + "\" is an invalid directive. See the documentation for the supported list. Force this by enabling loose mode.");
+    }
+    // This cast is safe thanks to the above check.
+    var directiveType = config_1.default.directives[key].type;
+    checkers[directiveType](key, value);
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/plugin-types.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+var notAllowed = ['self', "'self'"].concat(config_1.default.unsafes);
+module.exports = function pluginTypesCheck(key, value) {
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
+    }
+    value.forEach(function (pluginType) {
+        if (!pluginType) {
+            throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
+        }
+        if (is_function_1.default(pluginType)) {
+            return;
+        }
+        pluginType = pluginType.valueOf();
+        if (typeof pluginType !== 'string' || pluginType.length === 0) {
+            throw new Error("\"" + pluginType + "\" is not a valid plugin type. Only non-empty strings are allowed.");
+        }
+        if (notAllowed.indexOf(pluginType) !== -1) {
+            throw new Error("\"" + pluginType + "\" does not make sense in " + key + ". Remove it.");
+        }
+        if (config_1.default.mustQuote.indexOf(pluginType) !== -1) {
+            throw new Error("\"" + pluginType + "\" must be quoted in " + key + ". Change it to \"'" + pluginType + "'\" in your source list. Force this by enabling loose mode.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/report-uri.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_function_1 = __importDefault(require("../../is-function"));
+var is_string_1 = __importDefault(require("../../is-string"));
+module.exports = function (key, value) {
+    if (value === false) {
+        return;
+    }
+    if (is_function_1.default(value)) {
+        return;
+    }
+    if (!is_string_1.default(value) || value.length === 0) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use a non-empty string.");
+    }
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/require-sri-for.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function requireSriForCheck(key, value) {
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To require nothing, omit the directive.");
+    }
+    value.forEach(function (expression) {
+        if (is_function_1.default(expression)) {
+            return;
+        }
+        if (config_1.default.requireSriForValues.indexOf(expression) === -1) {
+            throw new Error("\"" + expression + "\" is not a valid " + key + " value. Remove it.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/sandbox.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function sandboxCheck(key, value) {
+    if (value === false) {
+        return;
+    }
+    if (value === true) {
+        return;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings or `true`.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to `true`.");
+    }
+    value.forEach(function (expression) {
+        if (is_function_1.default(expression)) {
+            return;
+        }
+        if (config_1.default.sandboxDirectives.indexOf(expression) === -1) {
+            throw new Error("\"" + expression + "\" is not a valid " + key + " directive. Remove it.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/check-directive/source-list.js

@@ -0,0 +1,37 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("../../config"));
+var is_function_1 = __importDefault(require("../../is-function"));
+module.exports = function sourceListCheck(key, value) {
+    if (value === false) {
+        return;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error("\"" + value + "\" is not a valid value for " + key + ". Use an array of strings.");
+    }
+    if (value.length === 0) {
+        throw new Error(key + " must have at least one value. To block everything, set " + key + " to [\"'none'\"].");
+    }
+    value.forEach(function (sourceExpression) {
+        if (!sourceExpression) {
+            throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
+        }
+        if (is_function_1.default(sourceExpression)) {
+            return;
+        }
+        sourceExpression = sourceExpression.valueOf();
+        if (typeof sourceExpression !== 'string' || sourceExpression.length === 0) {
+            throw new Error("\"" + sourceExpression + "\" is not a valid source expression. Only non-empty strings are allowed.");
+        }
+        var directiveInfo = config_1.default.directives[key];
+        if (!directiveInfo.hasUnsafes && config_1.default.unsafes.indexOf(sourceExpression) !== -1 ||
+            !directiveInfo.hasStrictDynamic && config_1.default.strictDynamics.indexOf(sourceExpression) !== -1) {
+            throw new Error("\"" + sourceExpression + "\" does not make sense in " + key + ". Remove it.");
+        }
+        if (config_1.default.mustQuote.indexOf(sourceExpression) !== -1) {
+            throw new Error("\"" + sourceExpression + "\" must be quoted in " + key + ". Change it to \"'" + sourceExpression + "'\" in your source list. Force this by enabling loose mode.");
+        }
+    });
+};

node_modules/helmet-csp/dist/lib/check-options/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var dasherize_1 = __importDefault(require("dasherize"));
+var check_directive_1 = __importDefault(require("./check-directive"));
+function isObject(value) {
+    return Object.prototype.toString.call(value) === '[object Object]';
+}
+module.exports = function (options) {
+    if (!isObject(options)) {
+        throw new Error('csp must be called with an object argument. See the documentation.');
+    }
+    var directives = options.directives;
+    if (!isObject(directives) || Object.keys(directives).length === 0) {
+        throw new Error('csp must have at least one directive under the "directives" key. See the documentation.');
+    }
+    Object.keys(directives).forEach(function (directiveKey) {
+        var typedKey = directiveKey;
+        check_directive_1.default(dasherize_1.default(directiveKey), directives[typedKey], options);
+    });
+};

node_modules/helmet-csp/dist/lib/config.js

@@ -0,0 +1,64 @@
+"use strict";
+module.exports = {
+    directives: {
+        'base-uri': { type: 'sourceList' },
+        'block-all-mixed-content': { type: 'boolean' },
+        'child-src': { type: 'sourceList' },
+        'connect-src': { type: 'sourceList' },
+        'default-src': {
+            type: 'sourceList',
+            hasStrictDynamic: true,
+        },
+        'font-src': { type: 'sourceList' },
+        'form-action': { type: 'sourceList' },
+        'frame-ancestors': { type: 'sourceList' },
+        'frame-src': { type: 'sourceList' },
+        'img-src': { type: 'sourceList' },
+        'manifest-src': { type: 'sourceList' },
+        'media-src': { type: 'sourceList' },
+        'object-src': { type: 'sourceList' },
+        'script-src': {
+            type: 'sourceList',
+            hasUnsafes: true,
+            hasStrictDynamic: true,
+        },
+        'style-src': {
+            type: 'sourceList',
+            hasUnsafes: true,
+        },
+        'prefetch-src': { type: 'sourceList' },
+        'plugin-types': { type: 'pluginTypes' },
+        sandbox: { type: 'sandbox' },
+        'report-to': { type: 'reportUri' },
+        'report-uri': { type: 'reportUri' },
+        'require-sri-for': { type: 'requireSriFor' },
+        'upgrade-insecure-requests': { type: 'boolean' },
+        'worker-src': {
+            type: 'sourceList',
+            hasUnsafes: true,
+        },
+    },
+    allHeaders: [
+        'Content-Security-Policy',
+        'X-Content-Security-Policy',
+        'X-WebKit-CSP',
+    ],
+    mustQuote: ['none', 'self', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'],
+    unsafes: ["'unsafe-inline'", 'unsafe-inline', "'unsafe-eval'", 'unsafe-eval'],
+    strictDynamics: ["'strict-dynamic'", 'strict-dynamic'],
+    requireSriForValues: ['script', 'style'],
+    sandboxDirectives: [
+        'allow-downloads',
+        'allow-downloads-without-user-activation',
+        'allow-forms',
+        'allow-modals',
+        'allow-orientation-lock',
+        'allow-pointer-lock',
+        'allow-popups',
+        'allow-popups-to-escape-sandbox',
+        'allow-presentation',
+        'allow-same-origin',
+        'allow-scripts',
+        'allow-top-navigation',
+    ],
+};

node_modules/helmet-csp/dist/lib/contains-function.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_function_1 = __importDefault(require("./is-function"));
+module.exports = function containsFunction(obj) {
+    for (var key in obj) {
+        if (!Object.prototype.hasOwnProperty.call(obj, key)) {
+            continue;
+        }
+        var value = obj[key];
+        if (Array.isArray(value) && value.some(is_function_1.default) || is_function_1.default(value)) {
+            return true;
+        }
+    }
+    return false;
+};

node_modules/helmet-csp/dist/lib/get-header-keys-for-browser.js

@@ -0,0 +1,113 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var config_1 = __importDefault(require("./config"));
+function goodBrowser() {
+    return ['Content-Security-Policy'];
+}
+var handlersByBrowserName = {
+    'Android Browser': function (browser) {
+        var osVersionName = browser.getOS().versionName;
+        if (osVersionName && parseFloat(osVersionName) < 4.4) {
+            return [];
+        }
+        return ['Content-Security-Policy'];
+    },
+    Chrome: function (browser) {
+        var browserVersion = parseFloat(browser.getBrowserVersion());
+        if (browserVersion >= 14 && browserVersion < 25) {
+            return ['X-WebKit-CSP'];
+        }
+        else if (browserVersion >= 25) {
+            return ['Content-Security-Policy'];
+        }
+        else {
+            return [];
+        }
+    },
+    'Chrome Mobile': function (browser, options) {
+        if (browser.getOSName() === 'iOS') {
+            return ['Content-Security-Policy'];
+        }
+        else {
+            return handlersByBrowserName['Android Browser'](browser, options);
+        }
+    },
+    Firefox: function (browser) {
+        var osName = browser.getOSName();
+        if (osName === 'iOS') {
+            return ['Content-Security-Policy'];
+        }
+        var browserVersion = parseFloat(browser.getBrowserVersion());
+        if (osName === 'Android') {
+            if (browserVersion >= 25) {
+                return ['Content-Security-Policy'];
+            }
+            else {
+                return ['X-Content-Security-Policy'];
+            }
+        }
+        else if (browser.getPlatformType(true) === 'mobile') {
+            // This is probably Firefox OS.
+            if (browserVersion >= 32) {
+                return ['Content-Security-Policy'];
+            }
+            else {
+                return ['X-Content-Security-Policy'];
+            }
+        }
+        else if (browserVersion >= 23) {
+            return ['Content-Security-Policy'];
+        }
+        else if (browserVersion >= 4 && browserVersion < 23) {
+            return ['X-Content-Security-Policy'];
+        }
+        else {
+            return [];
+        }
+    },
+    'Internet Explorer': function (browser) {
+        var browserVersion = parseFloat(browser.getBrowserVersion());
+        var header = browserVersion < 12 ? 'X-Content-Security-Policy' : 'Content-Security-Policy';
+        return [header];
+    },
+    'Microsoft Edge': goodBrowser,
+    'Microsoft Edge Mobile': goodBrowser,
+    Opera: function (browser) {
+        var browserVersion = parseFloat(browser.getBrowserVersion());
+        if (browserVersion >= 15) {
+            return ['Content-Security-Policy'];
+        }
+        else {
+            return [];
+        }
+    },
+    Safari: function (browser) {
+        var browserVersion = parseFloat(browser.getBrowserVersion());
+        if (browserVersion >= 7) {
+            return ['Content-Security-Policy'];
+        }
+        else if (browserVersion >= 6) {
+            return ['X-WebKit-CSP'];
+        }
+        else {
+            return [];
+        }
+    },
+};
+module.exports = function getHeaderKeysForBrowser(browser, options) {
+    if (!browser) {
+        return config_1.default.allHeaders;
+    }
+    if (options.disableAndroid && browser.getOSName() === 'Android') {
+        return [];
+    }
+    var browserName = browser.getBrowserName();
+    if (Object.prototype.hasOwnProperty.call(handlersByBrowserName, browserName)) {
+        return handlersByBrowserName[browserName](browser, options);
+    }
+    else {
+        return config_1.default.allHeaders;
+    }
+};

node_modules/helmet-csp/dist/lib/is-boolean.js

@@ -0,0 +1,4 @@
+"use strict";
+module.exports = function isBoolean(value) {
+    return Object.prototype.toString.call(value) === '[object Boolean]';
+};

node_modules/helmet-csp/dist/lib/is-function.js

@@ -0,0 +1,4 @@
+"use strict";
+module.exports = function isFunction(value) {
+    return value instanceof Function;
+};

node_modules/helmet-csp/dist/lib/is-string.js

@@ -0,0 +1,4 @@
+"use strict";
+module.exports = function isString(value) {
+    return Object.prototype.toString.call(value) === '[object String]';
+};

node_modules/helmet-csp/dist/lib/parse-dynamic-directives.js

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var is_function_1 = __importDefault(require("./is-function"));
+var is_string_1 = __importDefault(require("./is-string"));
+module.exports = function parseDynamicDirectives(directives, functionArgs) {
+    var result = {};
+    Object.keys(directives).forEach(function (key) {
+        var typedKey = key;
+        var value = directives[typedKey];
+        if (Array.isArray(value)) {
+            result[typedKey] = value.map(function (element) {
+                if (is_function_1.default(element)) {
+                    return element.apply(void 0, functionArgs);
+                }
+                else {
+                    return element;
+                }
+            });
+        }
+        else if (is_function_1.default(value)) {
+            result[typedKey] = value.apply(void 0, functionArgs);
+        }
+        else if (value === true || is_string_1.default(value)) {
+            result[typedKey] = value;
+        }
+    });
+    return result;
+};

node_modules/helmet-csp/dist/lib/transform-directives-for-browser.js

@@ -0,0 +1,64 @@
+"use strict";
+function transformDirectivesForPreCsp1Firefox(directives, basePolicy) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    var result = Object.assign({}, basePolicy);
+    // Copy `connectSrc` to `xhrSrc`
+    var connectSrc = directives.connectSrc;
+    if (connectSrc) {
+        result.xhrSrc = connectSrc;
+    }
+    // Copy everything else
+    Object.keys(directives).forEach(function (key) {
+        if (key !== 'connectSrc') {
+            result[key] = directives[key];
+        }
+    });
+    // Rename `scriptSrc` values `unsafe-inline` and `unsafe-eval`
+    var scriptSrc = directives.scriptSrc;
+    if (scriptSrc) {
+        var optionsValues = [];
+        if (scriptSrc.indexOf("'unsafe-inline'") !== -1) {
+            optionsValues.push('inline-script');
+        }
+        if (scriptSrc.indexOf("'unsafe-eval'") !== -1) {
+            optionsValues.push('eval-script');
+        }
+        if (optionsValues.length !== 0) {
+            result.options = optionsValues;
+        }
+    }
+    return result;
+}
+module.exports = function transformDirectivesForBrowser(browser, directives) {
+    // For now, Firefox is the only browser that needs to be transformed.
+    if (!browser || browser.getBrowserName() !== 'Firefox') {
+        return directives;
+    }
+    var osName = browser.getOSName();
+    if (osName === 'iOS') {
+        return directives;
+    }
+    var browserVersion = parseFloat(browser.getBrowserVersion());
+    if (osName === 'Android' && browserVersion < 25 ||
+        browser.getPlatformType(true) === 'mobile' && browserVersion < 32) {
+        return transformDirectivesForPreCsp1Firefox(directives, { defaultSrc: ['*'] });
+    }
+    else if (browserVersion >= 4 && browserVersion < 23) {
+        var basePolicy = {};
+        if (browserVersion < 5) {
+            basePolicy.allow = ['*'];
+            if (directives.defaultSrc) {
+                basePolicy.allow = directives.defaultSrc;
+                directives = Object.assign({}, directives);
+                delete directives.defaultSrc;
+            }
+        }
+        else {
+            basePolicy.defaultSrc = ['*'];
+        }
+        return transformDirectivesForPreCsp1Firefox(directives, basePolicy);
+    }
+    else {
+        return directives;
+    }
+};

node_modules/helmet-csp/dist/lib/types.d.ts

@@ -0,0 +1,71 @@
+/// <reference types="node" />
+import { IncomingMessage, ServerResponse } from 'http';
+declare type DirectiveType = string | ((req: IncomingMessage, res: ServerResponse) => string);
+export declare type SourceListDirective = false | DirectiveType[];
+export declare type PluginTypesDirective = false | DirectiveType[];
+export declare type SandboxDirective = false | DirectiveType[];
+export declare type ReportUriDirective = false | DirectiveType;
+export declare type RequireSriForDirective = false | DirectiveType[];
+export interface KebabCaseDirectives {
+    'base-uri'?: SourceListDirective;
+    'block-all-mixed-content'?: boolean;
+    'child-src'?: SourceListDirective;
+    'connect-src'?: SourceListDirective;
+    'default-src'?: SourceListDirective;
+    'font-src'?: SourceListDirective;
+    'form-action'?: SourceListDirective;
+    'frame-ancestors'?: SourceListDirective;
+    'frame-src'?: SourceListDirective;
+    'img-src'?: SourceListDirective;
+    'manifest-src'?: SourceListDirective;
+    'media-src'?: SourceListDirective;
+    'object-src'?: SourceListDirective;
+    'sandbox'?: SandboxDirective;
+    'script-src'?: SourceListDirective;
+    'style-src'?: SourceListDirective;
+    'prefetch-src'?: SourceListDirective;
+    'plugin-types'?: PluginTypesDirective;
+    'report-to'?: ReportUriDirective;
+    'report-uri'?: ReportUriDirective;
+    'require-sri-for'?: RequireSriForDirective;
+    'upgrade-insecure-requests'?: boolean;
+    'worker-src'?: SourceListDirective;
+}
+export interface CamelCaseDirectives {
+    baseUri?: SourceListDirective;
+    blockAllMixedContent?: boolean;
+    childSrc?: SourceListDirective;
+    connectSrc?: SourceListDirective;
+    defaultSrc?: SourceListDirective;
+    fontSrc?: SourceListDirective;
+    formAction?: SourceListDirective;
+    frameAncestors?: SourceListDirective;
+    frameSrc?: SourceListDirective;
+    imgSrc?: SourceListDirective;
+    manifestSrc?: SourceListDirective;
+    mediaSrc?: SourceListDirective;
+    objectSrc?: SourceListDirective;
+    scriptSrc?: SourceListDirective;
+    styleSrc?: SourceListDirective;
+    prefetchSrc?: SourceListDirective;
+    pluginTypes?: PluginTypesDirective;
+    sandbox?: SandboxDirective;
+    reportTo?: ReportUriDirective;
+    reportUri?: ReportUriDirective;
+    requireSriFor?: RequireSriForDirective;
+    upgradeInsecureRequests?: boolean;
+    workerSrc?: SourceListDirective;
+}
+export declare type AllDirectives = CamelCaseDirectives & KebabCaseDirectives;
+export interface ParsedDirectives {
+    [key: string]: string[] | string | boolean;
+}
+export interface CspOptions {
+    browserSniff?: boolean;
+    directives?: AllDirectives;
+    disableAndroid?: boolean;
+    loose?: boolean;
+    reportOnly?: boolean | ((req: IncomingMessage, res: ServerResponse) => boolean);
+    setAllHeaders?: boolean;
+}
+export {};

node_modules/helmet-csp/dist/lib/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });